CVE-2024-22116

Description

An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.

How to fix CVE-2024-22116

To remediate CVE-2024-22116, upgrade the affected package to a fixed version below.

Debian/zabbix—upgrade to 1:5.0.44+dfsg-1+deb11u1 or later

Is CVE-2024-22116 being exploited?

Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 1:5.0.44+dfsg-1+deb11u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2024-22116